Contents

Introduction

Most users installing Linux today choose to install and configure the X Windows System. This allows those users to access their Linux environment using a graphic (GUI) console connected to the workstation or server. An X Windows environment provides users to run X programs like xterm, OpenOffice, Mozilla Firefox and a host of other useful graphical software packages.

There are times, however, when users need to log in to a Linux machine using the graphical X Windows System from a remote computer, like a Windows PC for example. The remote Windows PC would first need to have an X Windows Server installed like Xming, Exceed Hummingbird, or my personal favorite X-Win 32.

When installing Red Hat Enterprise Linux, the system defaults to a secure configuration which does not allow remote graphical logins or remote desktop access. This article explains the configuration changes required to allow remote access to a Red Hat Enterprise Linux system (RHEL) using the X Display Manager Control Protocol (XDMCP) or GDM (GUI login).

Configure Linux to use GUI Logins

One of the first steps is to make certain the Red Hat Linux environment is configured to use a graphical (GUI) login. A Linux environment allows for either a text login or a graphical (GUI) login. This option is specified in the init script configuration file /etc/inittab. In order to allow remote graphical (GUI) logins, the environment itself must be configured for a X11 GUI login. Make certain the system is configured with the correct X11 runlevel (which in this case is runlevel 5):

Granting Remote Access to the Login Manager

The next step is to grant MS Windows users remote GUI access to the Red Hat Linux system. More specifically, we need to grant access to the RHEL Login Manager. Use the GDM Login Manager for RHEL 5 or higher while using the XDM Login Manager for RHEL 3 and RHEL 4.

GDM Login Manager

First, edit the file /etc/gdm/custom.conf and add the following two entries:

[xdmcp]
Enable=true
[security]
DisallowTCP=false
AllowRemoteRoot=true

Next, restart X Windows:

[root@racnode1 ~]# init 3
[root@racnode1 ~]# init 5

The final step is to configure the GDM login manager using the gdmsetup utility:

[root@racnode1 ~]# gdmsetup

After starting the gdmsetup utility, click the Remote tab. Under the Remote tab, change the Style pull-down menu selection from ‘Remote login disabled‘ to ‘Same as Local‘:

Figure 1: Modify Remote Style to ‘Same as Local’

After configuring remote access to the GDM login manager, select the Security tab. Under the Security tab, I checked the options:

Allow local system administrator login

Allow remote system administrator login

Figure 2: Security – Allow Local / Remote System Administrator Logins

Exit from the gdmsetup utility and restart the GDM service:

[root@racnode1 ~]# /usr/sbin/gdm-restart

You can test the GDM login screen locally using the following:

[root@racnode1 ~]# X -query localhost :1

XDM Login Manager

The XDM login manager is used for older releases of Red Hat Linux. For example:

Red Hat Enterprise Linux 3

Red Hat Enterprise Linux 4

CentOS 3

CentOS 4

Fedora Versions 1 through 6

Use the following steps to enable the services and modify the files necessary to configure the XDMCP:

To do this, edit the /etc/X11/xdm/Xaccess file and open the connection to hosts by un-commenting the line:

* #any host can get a login window

or enter individual IP addresses of selected hosts.

SuSE users can do the same by editing the file /usr/X11R6/lib/X11/xdm/Xaccess.

Next, open the file /etc/X11/xdm/xdm-config and comment out the line:

# DisplayManager.requestPort: 0

Make sure to run the program xdm as the root user account.

[root@racnode1 ~]# xdm &

The xdm command (X Display Manager) manages a collection of X displays, which may be on the local host or remote servers. The design of the xdm command was guided by the needs of X terminals as well as the X Consortium standard XDMCP (the X Display Manager Control Protocol).

If things still do not work, you may need to reboot the server or restart the xdm if it was already running.

Remote X Server Access from a Linux Client

So, what if your client workstation is a Linux machine and you want to obtain a graphic login to another Linux machine? From the client workstation, use the Xnest utility as follows:

# Xnest -query <machine-name> -geometry <resolution> :1

For example, if my Linux workstation is named oemprod and I want to remotely access node racdb2:

[root@oemprod ~]# Xnest -query racdb2 -geometry 1280x1024 :1

Figure 3: Linux Xnest Example

Troubleshooting

Probably the most common error when configuring graphic remote login access is the Linux firewall rules. Make certain the Linux firewall rules allow the XDMCP protocol to pass:

Finally, ensure the following ports and protocols are able to pass through the firewall:

XDMCP / X11 Ports and Protocols

Protocol

Port

Data Type

UDP

177

XDMCP

TCP

6000-6005

X11 protocol

TCP

7100

xfs: X font server

About the Author

Jeffrey Hunter is an Oracle Certified Professional, Java Development Certified Professional, Author, and an Oracle ACE. Jeff currently works as a Senior Database Administrator for The DBA Zone, Inc. located in Pittsburgh, Pennsylvania. His work includes advanced performance tuning, Java and PL/SQL programming, developing high availability solutions, capacity planning, database security, and physical / logical database design in a UNIX, Linux, and Windows server environment. Jeff’s other interests include mathematical encryption theory, programming language processors (compilers and interpreters) in Java and C, LDAP, writing web-based database administration tools, and of course Linux. He has been a Sr. Database Administrator and Software Engineer for over 17 years and maintains his own website site at: http://www.iDevelopment.info. Jeff graduated from Stanislaus State University in Turlock, California, with a Bachelor’s degree in Computer Science.

2 Responses to XDMCP CONFIGURATION FOR REDHAT 5 (X MANAGER)

Does your blog have a contact page? I’m having problems locating it but, I’d like to shoot you an
e-mail. I’ve got some recommendations for your blog you might be interested in hearing. Either way, great blog and I look forward to seeing it develop over time.